Large scale WIFI deployment WEP config
I took a good look at the Wifi-WEP registry configuration based upon the information Dell gave us two days ago. For an individual device, a valid, entered WEP connection is stored in the registry key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WZCSVC\Parameters\Interfaces\ODIM\TIACXWLN1]
The "ActiveSettings" binary contains a combination of the SSID and an "encrypted" value of the WEP entered for that configuration. The little documentation I have looked at indicates that the use of this key is dictated by the vendors (Dell) of the wifi adapter.
Any restoration of that key almost gets you to where you need to go with deploying that key to multiple devices.
HOWEVER....
The WEP is encrypted in this registry key using OS-generated MasterKeys "default.mky" & "System.mky" located in /windows. Both keys are required for the Crypto as some sort of "Public/PrivateKey" decoding of the WEP from the above registry key.
The "default.mky" is OS-generated in real time when it's needed from the internal crypto API. (The OS also regenerates a NEW (and of course different) key on a soft/hard restart if the default.mky file is deleted or "corrupt".) The "System.mky" is generated by your driver when it saves the WEP information in the WZCSVC entry.
Deletion/corruption of either the "System.mky" or "default.mky" prevents decoding of the registry key containing the WEP for your driver. (This requires the user to re-enter the information from scratch using the Dell WLAN Utility).
So, why don't I just import the registry key, plus copy the "default.mky" & "System.mky" files along to each device....
Well... the best I can discern is that there are internal Crypto SEED/RNG values or a CRC check used to verify the integrity of the "default.mky" and therefore the "System.mky" when they are used for each device. If they are invalid, the OS will replace the "default.mky" with a new one, invalidating any registry encrypted entries.
Where did I go next? Well..there is a registry entry:
[HKEY_LOCAL_MACHINE\init\BootVars]
"MasterKeysInRegistry"=dword:1
What this does is store the masterkeys into the registry under:
[HKEY_LOCAL_MACHINE\System\DPAPIKeys\default] ....
&
[HKEY_LOCAL_MACHINE\System\DPAPIKeys\System] ...
So, I tried that...I backed up the registry and then imported the required keys to a different device, but the OS saw it with the same SEED/RNG check, and replaced the keys with newly generated keys, thus invalidating the WEP decryption by your driver as before.
Now, I'm stuck. This is where I'd like your help.
Thanks.
__________________
JIM